Skip to main content

Like many websites, BSA’s websites use cookies to ensure the efficient functioning of those websites and give our users the best possible experience. You can learn more about how we use cookies, and how you can change your browser's cookie settings, in our cookies statement. By continuing to use this site without changing your cookie settings, you consent to our use of cookies.



US: BSA Comments on NIST’s RFC on Draft Documents Responsive to NIST’s Assignments Under E.O. 14110 (Sections 4.1, 4.5, and 11)

We appreciate NIST’s leadership on these issues and highlight below our key recommendations for each publication:

Generative AI Profile

  • Enable full legal use of data to train AI systems, including copyrighted data and personal data;
  • Acknowledge privacy issues implicated by long-term retention of documentation;
  • Align recommended practices to organizations’ role in the AI ecosystem;
  • Revise recommendations for obtaining independent audits;
  • Tailor recommendations for red teaming to specific circumstances;
  • Revise the trigger for conducting impact assessments;  

A Plan for Global Engagement on AI Standards  

  • Continue support for private sector-led, multistakeholder, voluntary standards development;
  • Maintain recommendation to prioritize supply chain transparency in standardization process;
  • Exclude upstream reporting from the standardization priority areas;  

Reducing the Risks of Synthetic Content  

  • Leverage existing industry tools to improve digital content transparency;
  • Support technical research and policy approaches for limiting the ability to remove metadata or watermarks from digital content;  

Secure Software Development Practices  

  • Continue risk-based approach that provides flexibility for application to varied use cases;
  • Revise the recommendations on tracking and verifying data provenance;
  • Revise the recommendation to revert to previous models to respond to AI risks; and
  • Acknowledge that the varied roles of AI actors and different deployment contexts will affect how recommendations on reporting security issues are implemented.
Download PDF